{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2024-3736","assignerOrgId":"1af790b2-7ee1-4545-860a-a788eba489b5","state":"PUBLISHED","assignerShortName":"VulDB","dateReserved":"2024-04-12T19:33:30.405Z","datePublished":"2024-04-13T14:00:06.364Z","dateUpdated":"2024-08-01T20:20:01.106Z"},"containers":{"cna":{"providerMetadata":{"orgId":"1af790b2-7ee1-4545-860a-a788eba489b5","shortName":"VulDB","dateUpdated":"2024-04-13T14:00:06.364Z"},"title":"cym1102 nginxWebUI upload unrestricted upload","problemTypes":[{"descriptions":[{"type":"CWE","cweId":"CWE-434","lang":"en","description":"CWE-434 Unrestricted Upload"}]}],"affected":[{"vendor":"cym1102","product":"nginxWebUI","versions":[{"version":"3.9.0","status":"affected"},{"version":"3.9.1","status":"affected"},{"version":"3.9.2","status":"affected"},{"version":"3.9.3","status":"affected"},{"version":"3.9.4","status":"affected"},{"version":"3.9.5","status":"affected"},{"version":"3.9.6","status":"affected"},{"version":"3.9.7","status":"affected"},{"version":"3.9.8","status":"affected"},{"version":"3.9.9","status":"affected"}]}],"descriptions":[{"lang":"en","value":"A vulnerability was found in cym1102 nginxWebUI up to 3.9.9. It has been declared as problematic. Affected by this vulnerability is the function upload of the file /adminPage/main/upload. The manipulation leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-260575."},{"lang":"de","value":"In cym1102 nginxWebUI bis 3.9.9 wurde eine problematische Schwachstelle ausgemacht. Es geht um die Funktion upload der Datei /adminPage/main/upload. Durch das Manipulieren mit unbekannten Daten kann eine unrestricted upload-Schwachstelle ausgenutzt werden. Der Angriff kann über das Netzwerk erfolgen. Der Exploit steht zur öffentlichen Verfügung."}],"metrics":[{"cvssV3_1":{"version":"3.1","baseScore":4.3,"vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L","baseSeverity":"MEDIUM"}},{"cvssV3_0":{"version":"3.0","baseScore":4.3,"vectorString":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L","baseSeverity":"MEDIUM"}},{"cvssV2_0":{"version":"2.0","baseScore":4,"vectorString":"AV:N/AC:L/Au:S/C:N/I:N/A:P"}}],"timeline":[{"time":"2024-04-12T00:00:00.000Z","lang":"en","value":"Advisory disclosed"},{"time":"2024-04-12T02:00:00.000Z","lang":"en","value":"VulDB entry created"},{"time":"2024-04-12T21:38:50.000Z","lang":"en","value":"VulDB entry last update"}],"references":[{"url":"https://vuldb.com/?id.260575","name":"VDB-260575 | cym1102 nginxWebUI upload unrestricted upload","tags":["vdb-entry","technical-description"]},{"url":"https://vuldb.com/?ctiid.260575","name":"VDB-260575 | CTI Indicators (IOB, IOC, TTP, IOA)","tags":["signature","permissions-required"]},{"url":"https://github.com/cym1102/nginxWebUI/issues/138","tags":["issue-tracking"]},{"url":"https://github.com/cym1102/nginxWebUI/files/14818455/nginxwebui.rce.3.9.9.pdf","tags":["exploit"]}]},"adp":[{"title":"CISA ADP Vulnrichment","metrics":[{"other":{"type":"ssvc","content":{"id":"CVE-2024-3736","role":"CISA Coordinator","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"version":"2.0.3","timestamp":"2024-05-13T14:27:08.455371Z"}}}],"providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2024-06-04T17:32:12.632Z"}},{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-01T20:20:01.106Z"},"title":"CVE Program Container","references":[{"url":"https://vuldb.com/?id.260575","name":"VDB-260575 | cym1102 nginxWebUI upload unrestricted upload","tags":["vdb-entry","technical-description","x_transferred"]},{"url":"https://vuldb.com/?ctiid.260575","name":"VDB-260575 | CTI Indicators (IOB, IOC, TTP, IOA)","tags":["signature","permissions-required","x_transferred"]},{"url":"https://github.com/cym1102/nginxWebUI/issues/138","tags":["issue-tracking","x_transferred"]},{"url":"https://github.com/cym1102/nginxWebUI/files/14818455/nginxwebui.rce.3.9.9.pdf","tags":["exploit","x_transferred"]}]}]}}